decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books

Gear

Groklaw Gear

Click here to send an email to the editor of this weblog.


You won't find me on Facebook


Donate

Donate Paypal


No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
Public website = house, terrible analogy | 269 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
The issue with this argument
Authored by: cjk fossman on Tuesday, July 02 2013 @ 07:39 PM EDT
If a site owner doesn't bother to secure a resource, it's
open.

[ Reply to This | Parent | # ]

The issue with your argument...
Authored by: Anonymous on Tuesday, July 02 2013 @ 07:47 PM EDT
...is that you are using a false analogy to draw your conclusions.

[ Reply to This | Parent | # ]

The issue with this argument
Authored by: tknarr on Tuesday, July 02 2013 @ 08:38 PM EDT

However, the repairman and the criminal know whether they were asked to repair the window or not. We may not know, but they do. And they, not we, are the ones who would have to know.

Accessing a Web site isn't even like the repairman. Web sites are by default public to at least some degree. Even most members-only sites have a public home page where you can create an account or buy a membership. And unlike the repairman who doesn't go to the house unless called, you don't normally wait for a Web site to invite you before you visit it. Whether you found a link to it on another site or someone sent you the name of the site or you found it via a search engine, you are the one to initiate the visit. So, the question is, how do you know before you hit the page whether that page is public or not? Answer, you don't. Not until the Web site serves up the response to your access request do you know. The equivalent wouldn't be a repairman working on a window. It'd be you walking down the street looking at storefronts, all of them with open doors and people going in and out. There are 10 stores, 1 of which has decided that only certain people are allowed in. But that store hasn't posted anything saying that, they haven't closed their door, they haven't published anything saying they're not open to the public. There is nothing on their storefront different from the other 9 stores that are open to the public. So, which store are you not authorized to try to enter? And if you try to enter one through the unlocked, open door, is it reasonable for you to be arrested for breaking and entering?

[ Reply to This | Parent | # ]

The issue with this argument
Authored by: PolR on Tuesday, July 02 2013 @ 09:13 PM EDT
By that logic, crawlers for search engines are criminal because they are
accessing thousands of urls in an automated manner without permission.

Windows are not meant to enter houses and going through one without
authorization is trespassing. Using a url to access contents is how the Internet
is designed to work. The number of urls being accessed doesn't change this
reality. What AT&T did is like undressing in plain light in front of a
window without curtains while expecting privacy.

Authentication procedures are the Internet equivalent of curtains and they
should be used.

[ Reply to This | Parent | # ]

You can tell this guy didn't read the brief
Authored by: Anonymous on Tuesday, July 02 2013 @ 09:39 PM EDT
His mind is made up. Don't confuse him with the facts.

[ Reply to This | Parent | # ]

The issue with this argument
Authored by: Anonymous on Tuesday, July 02 2013 @ 10:12 PM EDT
Two men standing walking down a sidewalk see a woman who is
standing in the middle of the street undressing. One is her
boyfriend. One is a dirty old man.

Does the fact that she kind of likes one of them looking at
her, but not the other, make one of the men a criminal?

Or should she maybe think about doing that sort of thing
indoors, where she has a reasonable expectation to control
who's looking at her and who isn't?

[ Reply to This | Parent | # ]

Public website = house, terrible analogy
Authored by: Anonymous on Tuesday, July 02 2013 @ 10:46 PM EDT
A publicly accessible website is nothing like someone's house, and a http
request/response is nothing like removing a window.

If we have to do analogies, the closest is maybe a booth at a tradeshow.
"Come in and visit us" says at&t. "Just like all the other
vendors, we want
your eyes on us. Look at all this information we have for you to look at!"

And when you enter and look at some things, they say "You looked at
that stuff in the corner? We didn't want you to look at _that_. You are a
dirty felon. Security!"

--Ash

[ Reply to This | Parent | # ]

  • exactly - Authored by: Anonymous on Thursday, July 04 2013 @ 08:49 AM EDT
The Butler Did It
Authored by: Anonymous on Wednesday, July 03 2013 @ 11:58 AM EDT
AT&T created a website to act as its agent. The agent, which
we can imagine as their butler, would answer the door and
provide information to anyone who came up with a properly
formatted salutation, knock-knock joke, or whatever you want
to call the parameters of address.

Since the butler was never given any instructions to refuse
information to anyone, it's rather a stretch to claim someone
tricked him into revealing something improperly.

[ Reply to This | Parent | # ]

A Phonebook is a better analogy for this
Authored by: Anonymous on Wednesday, July 03 2013 @ 11:37 PM EDT
A much better analogy would be someone thumbing through the pages of a phone
book in order to collect phone numbers. So what he SHOULD have done is look for
a specific entry on a specific page, retrieved the ONE number that he SHOULD
have been focused on, closed the book, and when on with his business. Anything
else would be... well... illegal, right? Yeah.


The facts, as I see them, are these:

1. ATT (using whatever air-pocket logic that was floating through the room at
the time) decided to make these email addresses available without the
requirement of a password, and they did so without their customer's knowledge or
consent. What is ironic is that, from what I understand, they were doing it for
the convenience of their customers. Tsk, tsk. It's a Start-Menu way of
thinking that brings people to confuse convenience with security.

2. Some guy went to ATTs web server and collected lots of email addresses that
ATT readily gave out without any need for passwords. He did not crack any of
ATTs customer's accounts. He did not use any passwords in order to retrieve
those bits of information. Finally, those bits of information were not even in
encrypted form. They were just there, ready to be retrieved, and all for the
convenience of the customer.

3. ATT and prosecutor pressed charges, claiming that what this guy did was
illegal because he must have cracked into the web server (after all - ATT would
NEVER use air-pocket logic in order to make this information so readily
available without the use of passwords, right? I mean, think of the swarms of
customers that might take exception to something like THAT).

4. ATT also claims that, because of this guys actions, they were forced to
spend lots of money, sending out letters to the affected customers, falsely
claiming that there had been a break-in and that their email addresses had been
collected. What they SHOULD have done was apologize for not thinking their
design strategy through, and instead of just sending those letters out to the
customers whose email addresses had actually been retrieved, ATT SHOULD have
sent out those letters to ALL of their affected customers (see 1 for a better
understanding of scope).

5. This guys in jail for essentially thumbing through the pages of a phone
book. "It can't be the fault of ATT -- that sooper-evil haxor is in jail,
and the world is a safer place now." How dumb to we really, really need to
be?


ATT sure seems to spend quite a bit of attention on their interpretation of what
their customers think of them. It might be a good idea for them to start
putting some focus on what they think of their customers as well. While I'm not
an ATT customer (and I don't think I care to be, at least not now), I think it
would behove them to take some of that money from the PR and litigation
campaigns and perhaps put it into designing better, more secure design
strategies. You know... For the benefit of those lowly customers, and all.
Just an idea. :)




Disclaimer: I am not a lawyer, and the opinions in this post are mine. I do
not believe ATT to be creepy-evil (yet). Instead, I give them the benefit of
the doubt and assume that they are logic-deprived enough to see their own fault
in this. Nah... I'm back and forth on it. :)

[ Reply to This | Parent | # ]

The issue isn't removing the window - it is stepping on the driveway
Authored by: Anonymous on Thursday, July 04 2013 @ 08:39 AM EDT
Since the site is open to public access, it isn't a case of
removing a window, the offence is stepping onto a driveway
with a left open gate, and walking up to the front door. Now,
should this be a criminal offence punishable by 4 years
imprisonment?

[ Reply to This | Parent | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )